Bugtraq mailing list archives
Re: Sun Security Bulletin #00195 (fwd)
From: Alan J Rosenthal <flaps () DGP TORONTO EDU>
Date: Wed, 2 Aug 2000 20:29:46 -0400
Vulnerable: SunOS 5.7, 5.7_x86, 5.6, and 5.6_x86 Not vulnerable: All other supported versions of SunOS.
by gum, I HATE these. Is solaris 2.5 vulnerable? Is solaris 2.5.1 vulnerable? Inquiring minds want to know! If some of those aren't supported, fine, don't answer... but does the above refuse to answer for 2.5.1 or does it assert that it's not vulnerable? Greater men than you or I have gone to their graves without knowing. I mean, there aren't so many other supported versions of SunOS that they couldn't list them. Also, in a few months' time it will be harder when reading this advisory to determine which versions of SunOS were supported *then*, when the advisory was *written*, as opposed to at the time the advisory is being *read*. I'm sure I'm not the only person on this mailing list who frequently has the task of bringing some poorly configured obscure version of some OS up to date on security patches. One doesn't always have the luxury of having followed these matters as they evolved. But that's not all; I truly don't know whether or not solaris 2.5.1 is still supported and it would take some checking to find out (using web pages which may or may not be up to date), whereas the people writing the advisory surely must know whether or not they are claiming that 2.5.1 isn't vulnerable. (fortunately I removed set[ug]id bits from /usr/lib/lp/bin/netpr and /usr/bin/lpset quite a long time ago, so it doesn't have to matter to me, which is one of the few things which keeps me sane [funny John Cleese face])
Current thread:
- Sun Security Bulletin #00195 (fwd) Bob Wickline (Aug 02)
- <Possible follow-ups>
- Re: Sun Security Bulletin #00195 (fwd) Alan J Rosenthal (Aug 03)
- Re: Sun Security Bulletin #00195 (fwd) John Riddoch (Aug 03)
- Re: Sun Security Bulletin #00195 (fwd) John Riddoch (Aug 04)